CVE-2005-3949 - CVE Reference - Advisories

CVE Reference: CVE-2005-3949

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-3949

Description: Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/23369 SREASON http://securityreason.com/securityalert/215 SAID Secunia Advisory: SA17784 Secunia Advisory: SA19240 OSVDB 21216 21217 21218 21219 MISC http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities DEBIAN http://www.debian.org/security/2006/dsa-1002 CONFIRM http://sourceforge.net/forum/forum.php?thread_id=1392833&forum_id=11587 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/418286/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/417900/100/0/threaded BID 15608 15606 15662

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Linux Kernel LDT Buffer Size Handling Vulnerability

2.	Drupal Session Fixation Vulnerability

3.	OpenBSD BIND Query Port DNS Cache Poisoning

4.	Ubuntu update for php

5.	IPCop update for perl

6.	Red Hat update for kernel

7.	Slackware update for dnsmasq

8.	Debian update for xulrunner

9.	Red Hat update for thunderbird

10.	Fedora update for asterisk